Lucene search
IohexWPVDB-ID:69351798-C790-42D4-9485-1813CD325769HistoryNov 16, 2021 - 12:00 a.m.
SportsPress < 2.7.9 - Reflected Cross-Site Scripting
2021-11-1600:00:00
iohex
wpscan.com
5
0.001 Low
EPSS
Percentile
40.2%
The plugin does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue
PoC
| CPE | Name | Operator | Version |
|---|---|---|---|
| sportspress | lt | 2.7.9 |
Related
cnvd
cnvd
wpexploit
wpexploit
SportsPress < 2.7.9 - Reflected Cross-Site Scripting
2021-11-16 00:00:00
nvd
nvd
CVE-2021-24578
2021-12-21 09:15:06
prion
prion
Cross site scripting
2021-12-21 09:15:00
cvelist
cvelist
CVE-2021-24578 SportsPress < 2.7.9 - Reflected Cross-Site Scripting
2021-12-21 08:45:25
patchstack
patchstack
cve
cve
CVE-2021-24578
2021-12-21 09:15:06